
730 matches found

CVE
added 2004/09/01 4:00 a.m., 64 views

CVE-2002-1156

CVE-2002-1156 affects Apache 2.0.42. The vulnerability allows remote attackers to view the source of a CGI script via a POST to a directory where both WebDAV and CGI are enabled. This yields partial confidentiality impact per the NVD metrics (CVSS v2: AV:N/AC:L/Au:N/C:P/I:N/A:N; base score 5.0). ...

CVSS 5, AI score 6.4, EPSS 0.38519
Exploits 0, References 17, Affected Software 1

Tenable Nessus
added 2004/08/20 12:00 a.m., 26 views

Apache < 2.0.46 Multiple Vulnerabilities

Binary data 1443.prm...

CVSS 5, AI score 7.3, EPSS 0.85004
Exploits 9, References 3

Tenable Nessus
added 2004/08/18 12:00 a.m., 16 views

CGI Script Path Disclosure

Binary data 1540.prm...

AI score 7.3
Exploits 0

Tenable Nessus
added 2004/08/09 12:00 a.m., 94 views

GoScript go.cgi Arbitrary Command Execution

The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host. (C) Tenable Network Security, Inc...

CVSS 9.8, AI score 5.6, EPSS 0.02985
Exploits 1, References 2

Packet Storm
added 2004/08/07 12:00 a.m., 27 views

page.txt

Script affected: page.cgi - content/template merging CGI Author: Andrew Kilpatrick We can execute arbitrary commands with same id of the webserver: http://www.vulnerable.com/page.cgi?url=.html|id| Thanks : Infektion Group irc.phey.net -j infektion...

AI score 7.4
Exploits 0

Tenable Nessus
added 2004/03/04 12:00 a.m., 12 views

SandSurfer < 1.7.1 XSS

The remote host is running SandSurfer, a web-based time keeping application. A vulnerability has been disclosed in all versions of this software, up to version 1.7.0 included which may allow an attacker to use it to perform cross-site scripting attacks against third-party users. ...

CVSS 4.3, AI score 5, EPSS 0.00427
Exploits 0, References 2

CVE
added 2004/01/15 5:00 a.m., 56 views

CVE-2003-0992

CVE-2003-0992 is a documented cross-site scripting vulnerability in Mailman’s create CGI script, exploitable to steal cookies of other users. Affected versions are Mailman 2.1.x before 2.1.3; the issue is fixed in later releases (e.g., patches included in 2.1.3 and newer). The linked OpenVAS/Ness...

CVSS 4.3, AI score 5.7, EPSS 0.00553
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2003/12/18 12:00 a.m., 310 views

SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure

The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to launch more effective attacks against the remote server. This script written by Scott Shebby 12/2003 See the Nessus Scrip...

AI score 5.4
Exploits 0

securityvulns
added 2003/12/17 12:00 a.m., 54 views

[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities

Red Hat Security Advisory Synopsis: Updated httpd packages fix Apache security vulnerabilities Advisory ID: RHSA-2003:320-01 Issue date: 2003-12-16 Updated on: 2003-12-16 Product:...

CVSS 10, EPSS 0.08237
Exploits 0

RedHat Linux
added 2003/12/16 9:48 p.m., 5 views

Moderate: Red Hat Security Advisory: Updated httpd packages fix Apache security vulnerabilities

Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Linux 8.0 and 9. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration fil...

CVSS 10, AI score 6.2, EPSS 0.08237
Exploits 0, References 6

NVD
added 2003/10/27 5:00 a.m., 8 views

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

CVSS 5, AI score 7.2, EPSS 0.06466
Exploits 1, References 4

Packet Storm
added 2003/06/17 12:00 a.m., 22 views

lednews.txt

XSS Vulnerability in LedNews CGI/Perl v0.7 URL: http://www.ledscripts.com/index.php?page=free:perl:lednews Description ======= LedNews is a CGI application written entirely in perl. It's designed to be as simple as possible, but very powerful at the same thing. Vulnerability ======== The script do...

AI score 7.4
Exploits 0

NVD
added 2003/06/16 4:00 a.m., 6 views

CVE-2003-0217

Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...

CVSS 6.8, AI score 6.1, EPSS 0.00323
Exploits 0, References 1

Tenable Nessus
added 2003/06/11 12:00 a.m., 37 views

Netwin WebNews Webnews.exe Remote Overflow

The remote host appears to be running WebNews, which offers web-based access to Usenet news. Some versions of WebNews are prone to a buffer overflow when processing a query string with an overly-long group parameter. An attacker may be able to leverage this issue to execute arbitrary shell code o...

CVSS 7.5, AI score 6.3, EPSS 0.03736
Exploits 0, References 2

Tenable Nessus
added 2003/05/29 12:00 a.m., 612 views

Bandmin 1.4 index.cgi Multiple Parameter XSS

The remote host is running the Bandmin CGI suite. There is a cross-site scripting issue in this suite that may allow an attacker to steal your users' cookies. The flaw lies in the cgi bandwitdh/index.cgi (C) Tenable Network Security, Inc. Date: 28 May 2003 16:38:40 -0000 From:...

CVSS 6.8, AI score 5.1, EPSS 0.00519
Exploits 1, References 1

securityvulns
added 2003/05/29 12:00 a.m., 50 views

Bandmin 1.4 XSS Exploit

Bandmin 1.4 XSS Exploit by Silent Needle A:BACKGROUND Bandmin is a cgi script show you the bandwidth for the sites in the server. B:DESCRIPTION The cross site scripting allow you to print a html or javascript or others in the webpage when it just open not write in the page. C:EXPLOIT These are th...

AI score 5.7
Exploits 0

CVE
added 2003/05/14 4:00 a.m., 56 views

CVE-2003-0217

CVE-2003-0217 describes a cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) up to version 3.01, where an input parameter passed to a CGI script (notably swsrv.cgi) could be exploited to hijack a user session and bypass authentication. The underlying issue is impr...

CVSS 6.8, AI score 6.1, EPSS 0.00323
Exploits 0, References 1, Affected Software 1

Cvelist
added 2003/05/14 4:00 a.m., 15 views

CVE-2003-0217

Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script...

AI score 6.1, EPSS 0.00323
Exploits 0, References 1

CVE
added 2003/04/02 5:00 a.m., 38 views

CVE-2002-0488

The vulnerability CVE-2002-0488 affects Linux Directory Penguin traceroute.pl CGI script version 1.0. A flaw in the traceroute.pl CGI allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter, enabling remote code execution. This assessment is supported by P...

CVSS 10, AI score 8.1, EPSS 0.06108
Exploits 0, References 4, Affected Software 1

Cvelist
added 2003/04/02 5:00 a.m., 12 views

CVE-2002-0488

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter...

AI score 7.7, EPSS 0.06108
Exploits 0, References 4